Daily NCSC-FI news followup 2020-01-25

Kyberhäiriötilanteisiin kannattaa valmistautua jo etukäteen varautumista koskevat suositukset ja sääntely koottiin yhteen

www.epressi.com/tiedotteet/tietoturva/kyberhairiotilanteisiin-kannattaa-valmistautua-jo-etukateen-varautumista-koskevat-suositukset-ja-saantely-koottiin-yhteen.html Huoltovarmuusorganisaation Digipooli ja Tietoliikenteen ja tietotekniikan keskusliitto FiCom ry ovat julkaisseet suositukset kyberturvallisuudestaan huolehtiville yrityksille sekä IT- ja tietoturvapalveluiden tarjoajille. Suosituksia tarjoillaan kolmeen vaiheeseen: ennen sopimista, palvelun ylläpidossa ja häiriötilanteissa huomioitaviin asioihin.

Does Your Domain Have a Registry Lock?

krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/

Hackers target unpatched Citrix servers to deploy ransomware

www.zdnet.com/article/hackers-target-unpatched-citrix-servers-to-deploy-ransomware/ REvil ransomware gang has been spotted abusing Citrix bug to infect victims.

Nice Try: 501 (Ransomware) Not Implemented

www.fireeye.com/blog/threat-research/2020/01/nice-try-501-ransomware-not-implemented.html

NSA Releases Guidance on Mitigating Cloud Vulnerabilities

www.us-cert.gov/ncas/current-activity/2020/01/24/nsa-releases-guidance-mitigating-cloud-vulnerabilities

Russian Pleads Guilty to Running ‘CardPlanet’ to Sell Stolen Credit Cards

thehackernews.com/2020/01/russian-credit-card-hacker.html Aleksei Burkov, a 29-year-old Russian hacker, on Thursday pleaded guilty to multiple criminal charges for running two illegal websites that helped cyber criminals commit more than $20 million in credit card fraud.

Citrix Releases Final Patch as Ransomware Attacks Ramp Up

www.bleepingcomputer.com/news/security/citrix-releases-final-patch-as-ransomware-attacks-ramp-up/ Citrix released the final permanent fix for the actively exploited CVE-2019-19781 vulnerability, needed to secure all vulnerable Citrix Application Delivery Controller (ADC), Citrix Gateway, and Citrix SD-WAN WANOP appliances.

New Ryuk Info Stealer Targets Government and Military Secrets

www.bleepingcomputer.com/news/security/new-ryuk-info-stealer-targets-government-and-military-secrets/ A new version of the Ryuk Stealer malware has been enhanced to allow it to steal a greater amount of confidential files related to the military, government, financial statements, banking, and other sensitive data.

DOS Exploit PoC Released for Critical Windows RDP Gateway Bugs

www.bleepingcomputer.com/news/security/dos-exploit-poc-released-for-critical-windows-rdp-gateway-bugs/ A proof-of-concept (PoC) denial of service exploit has been published by Danish security researcher Ollypwn for the CVE-2020-0609 and CVE-2020-0610 flaws affecting the Remote Desktop Gateway (RD Gateway) component on Windows Server (2012, 2012 R2, 2016, and 2019) devices.

City of Potsdam Servers Offline Following Cyberattack

www.bleepingcomputer.com/news/security/city-of-potsdam-servers-offline-following-cyberattack/ The City of Potsdam severed the administration servers’ Internet connection following a cyberattack that took place earlier this week. Emergency services including the city’s fire department fully operational and payments are not affected.

U.S. Govt Agency Hit with New CARROTBALL Malware Dropper

www.bleepingcomputer.com/news/security/us-govt-agency-hit-with-new-carrotball-malware-dropper/ A new malware called CARROTBALL, used as a second-stage payload in targeted attacks, was distributed in phishing email attachments delivered to a U.S. government agency and non-US foreign nationals professionally affiliated with current activities in North Korea.

You might be interested in …

Daily NCSC-FI news followup 2020-08-18

Emotet-haittaohjelmaa levitetään aktiivisesti Suomessa www.kyberturvallisuuskeskus.fi/fi/emotet-haittaohjelmaa-levitetaan-aktiivisesti-suomessa Emotet-haittaohjelmaa levitetään sähköpostitse suomalaisten organisaatioiden nimissä. Haittaohjelmahyökkäyksen tarkoituksena on varastaa organisaatioista tietoja, ja samalla hyökkäyksellä on mahdollista tunkeutua verkkoon syvemmälle ja käynnistää esimerkiksi kiristyshaittaohjelmahyökkäys. Hyökkäyskampanja on näkynyt aktiivisena 17.8.2020 alkaen.. see also www.is.fi/digitoday/tietoturva/art-2000006605860.html World’s largest cruise line operator discloses ransomware attack www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/ Carnival Corp says it suffered a ransomware attack […]

Read More

Daily NCSC-FI news followup 2019-06-30

Breaking: Huawei will be allowed to do business with U.S. companies again www.androidauthority.com/breaking-huawei-allowed-to-do-business-with-us-companies-again-1004260/ U.S. companies will be allowed to work with Huawei again, President Trump announced in a news conference.. Its not clear what this means for now, but its likely Huawei will be able to acquire basic components like Qualcomm processors and Googles Android […]

Read More

Daily NCSC-FI news followup 2020-03-27

Best password managers for business in 2020: 1Password, Keeper, LastPass, and more www.zdnet.com/article/best-password-managers/ Everyone needs a password manager. Period, full stop. It’s the only possible way to maintain unique, hard-to-guess credentials for every secure site you, your family members, and your team access daily. Booz Allen analyzed 200+ Russian hacking operations to better understand their […]

Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.